Re: Which password cipher ?

On Wed, Dec 01, 2010 at 09:42:17AM +0000, Julio Merino wrote:
> Which makes me wonder... why do we even *ask* people to choose a
> cypher algorithm during install? Couldn't we, as the developers of
> the system, make a good choice for our users (and let them change it
> after installation if they so wish, just as they can with everything
> else)? (It just feels stupid that we have a question in sysinst for
> something as trivial as this but we don't have a way to select, e.g.
> which services to enable.)
Good point. I'm stumped by the question every time. Usually I think,
"I vaguely remember headlines about deficiencies of MD5 and of SHA1, so
I vaguely distrust them; DES has shortcomings that I cannot remember;
and for better or for worse, MD5 seems to be used everywhere." Then I
make an arbitrary choice!
On Wed, Dec 01, 2010 at 11:14:05AM +0000, Julio Merino wrote:
> Seriously: offering the user to set a root password is an obvious
> thing to do because we (the developers) can't choose one for the
> user.
Hmm, I don't know. If there's a good entropy source on the system,
sysinst can probably generate a better password than most users will
pick themselves. :-)
Dave
--
David Young OJC Technologies
dyoung%ojctech.com@localhost Urbana, IL * (217) 278-3933